Certified Information Systems Security Professional (CISSP) — Question 438

Which of the following would an information security professional use to recognize changes to content, particularly unauthorized changes?

Answer options

• A. File Integrity Checker
• B. Security information and event management (SIEM) system
• C. Audit Logs
• D. Intrusion detection system (IDS)

Correct answer: A

Explanation

The correct answer is A, as a File Integrity Checker specifically monitors and detects unauthorized changes to files. Options B, C, and D serve different purposes; for instance, a SIEM system analyzes security events, audit logs track user activities without content change detection, and an IDS identifies suspicious activities but does not focus solely on file integrity.